System and method for software tamper detection
First Claim
1. A computer-readable medium having computer-executable instructions for detecting modification of a software component, the computer-executable instructions enabling actions comprising:
- receiving first portion of a decryption key;
determining an integrity value associated with the software component;
combining the first portion of the decryption key with the integrity value to generate the decryption key;
employing the generated decryption key to attempt to decrypt content; and
if the integrity value indicates that the software component is unmodified and the generated decryption key is properly generated, successfully decrypting the content.
4 Assignments
0 Petitions
Accused Products
Abstract
A method, system, and apparatus are directed towards detecting unauthorized modification of software, such as virtual smart card software. An analysis is performed on the software to generate a unique pattern that is based on the integrity of the software. The pattern is generated using various portions of the software code. In one embodiment, matrix manipulations that involve a sequence of randomly selected matrix operations are performed on extracted portions of the software code. Sample sizes of the software code, sizes of the matrices, and other initialization parameters may be selected based on a desired security level. The resulting pattern may then be compared to a known normal pattern for the software to detect unauthorized modification. In one embodiment, however, the resulting pattern may be algorithmically combined with another value. The resulting combination may be used to decrypt content, if the software has not been modified.
-
Citations
28 Claims
-
1. A computer-readable medium having computer-executable instructions for detecting modification of a software component, the computer-executable instructions enabling actions comprising:
-
receiving first portion of a decryption key;
determining an integrity value associated with the software component;
combining the first portion of the decryption key with the integrity value to generate the decryption key;
employing the generated decryption key to attempt to decrypt content; and
if the integrity value indicates that the software component is unmodified and the generated decryption key is properly generated, successfully decrypting the content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of detecting a modification of a software component, the method comprising:
-
determining a data preparation set of parameters (DPS) based, in part, on a desired security level, wherein the DPS includes a key matrix;
performing, at a server device, an integrity determination upon the software component residing on the server using the DPS to generate a prototype pattern;
providing the DPS to a client device;
performing, at the client device, the integrity determination upon a copy the software component residing on the client device using the DPS to generate a pattern;
comparing the prototype pattern to the pattern to determine whether a modification of the copy of the software component is detected, and if a modification of the copy of the software component is detected, performing a detection action. - View Dependent Claims (10, 11, 12)
-
-
13. A system of detecting a modification of a software component, comprising:
-
a server device, that is configured to perform actions, comprising;
determining a data preparation set of parameters (DPS), wherein the DPS is, at least in part, randomly selected, and is further determined based, in part, on a desired security level, the DPS including a key matrix;
determining a prototype pattern based on the DPS for a copy of the software component, wherein the determination comprises performing a randomly selected matrix operation on at least a portion of the copy of the software component; and
sending at least the DPS to a client device; and
the client device, that is in communication with the server device, and is configured to perform actions, comprising;
receiving at least the DPS; and
determining a pattern based on the received DPS for the software component, wherein the determination comprises performing the randomly selected matrix operation on at least a portion of the software component. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A server device having computer-executable components for use in detecting a modification of a software component, the components comprising:
-
a transceiver for receiving and sending information;
a processor, in communication with the transceiver, that includes machine instructions that cause the processor to perform operations, including;
determining a data preparation set of parameters (DPS), wherein the DPS is based, at least in part, on a desired security level, the DPS including a key matrix;
determining a prototype pattern based on the DPS for a copy of the software component, wherein the determination comprises performing at least one matrix operation on at least a portion of the copy of the software component;
sending at least the DPS to a client device;
receiving a pattern for the software component, the pattern being determined in part on the received DPS, wherein the determination comprises performing the at least one matrix operation on at least a portion of the software component;
comparing the prototype pattern with the pattern to determine if the software component of the client device is modified; and
if a modification is detected, performing a detection action.
-
-
19. A client device for use in detecting a modification of a software component, the client device comprising:
-
a transceiver for receiving and sending information;
a processor, in communication with the transceiver, that includes machine instructions that cause the processor to perform operations, including;
receiving first value from a server;
determining an integrity value associated with at least a portion of the software component;
combining the first value with the integrity value to generate the decryption key; and
if the integrity value indicates that the software component is unmodified, enabling the decryption key to decrypt content. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A client device having computer-executable components for use in detecting a modification of a software component, the components comprising:
a processor that includes machine instructions that causes the processor to perform operations, including;
receiving a data preparation set of parameters (DPS), wherein the DPS includes a key matrix;
receiving a first portion of a decryption key to a client device;
determining an integrity pattern for the software component based in part on the received DPS; and
generating the decryption key by algorithmically combining the pattern with the first portion of the decryption key, wherein the decryption key enables decryption of content if the software component is unmodified. - View Dependent Claims (25)
-
26. A modulated data signal for use in detecting a modification of a software component, the modulated data signal comprising instructions that enable the computing device to perform the actions of:
-
sending to a client device a data preparation set of parameters (DPS) that includes at least a key matrix;
providing to the client device, a prototype pattern that is based on the DPS and a matrix operation on at least a portion of a copy of the software component, the prototype pattern indicating an integrity of the copy of the software component;
enabling, at the client device, a determination of a pattern for the software component, the pattern being based in part on the received DPS and the matrix operation on at least a portion of the software component, the pattern indicating an integrity of the software component;
enabling the client device to compare the prototype pattern with the pattern to determine if the software component of the client device is modified; and
if a modification is detected, enabling the client device to perform a detection action. - View Dependent Claims (27)
-
-
28. A client device for use in detecting a modification of a software component, comprising:
-
means for receiving a first value associated with content;
means for determining an integrity value associated with the software component;
means for combining the first value with the integrity value to generate a decryption key; and
if the integrity value indicates that the software component is unmodified, means for decrypting content.
-
Specification